Lab 24: File Permissions and Special Bits

Audit and correct dangerous permission changes on shared paths, then apply special bits correctly where they belong. Validate your fixes using long listings and numeric modes so the system behaves safely under real multi-user conditions.

Tags: security, users, troubleshooting

Scenario

A junior admin “fixed” access problems by loosening permissions in the wrong places. You’re brought in to investigate the damage, restore safe defaults, and apply special bits with intention. The priority is preventing cross-user deletion in shared directories and understanding when setuid and setgid are appropriate.

Operator context

Permission issues are rarely isolated. A sloppy chmod can silently create a security incident. Your job is to restore correct behavior and prove it with evidence.

Objective

  • Inspect the current permissions on /tmp and identify what is missing.
  • Restore proper permissions on /tmp using numeric mode.
  • Identify which special bit allows execution with the file owner’s privileges.
  • Apply setuid correctly to a target path and validate the bit is set.
  • Compute the numeric mode for a setgid directory with restricted access.

Concepts

  • Directory permissions are not file permissions. A directory needs execute (x) to traverse and read (r) to list names.
  • The sticky bit on a world-writable directory prevents users from deleting or renaming files they do not own.
  • setuid runs an executable with the file owner’s effective UID; setgid runs it with the file group’s effective GID.
  • On directories, setgid controls group inheritance for new files created under that directory (shared collaboration).
  • Numeric modes are a compact “policy spec” you can audit quickly (example: 1777, 2770).

Walkthrough

Step 1 : Inspect current /tmp permissions.
Command
ls -ld /tmp

This shows directory permissions, ownership, and whether the sticky bit is enabled. In a multi-user system, /tmp must be world-writable, but it must also prevent users from deleting each other’s files.

# Bad state example (missing sticky bit):
drwxrwxrwx  2 root root 4096 Jul 18 12:00 /tmp

# Good state includes "t" at the end:
drwxrwxrwt  ... /tmp

Step 2 : Restore correct permissions on /tmp.
Command
chmod 1777 /tmp

1777 means: sticky bit (1) plus world-writable directory permissions (777). This is the standard safe default for /tmp.

ls -ld /tmp
# Expect: drwxrwxrwt ... /tmp

Step 3 : Identify the special bit that runs a file with the owner’s privileges.
Answer
setuid

setuid changes the effective user ID during execution, allowing a program to run with the file owner’s privileges. This is powerful and risky, so it must be used intentionally and sparingly.

Step 4 : Apply setuid to a target file.
Commands
chmod u+s /usr/local/bin/myscript
# OR
chmod 4755 /usr/local/bin/myscript

Symbolic mode is explicit and readable. Numeric mode is fast and unambiguous, but note the difference in scope: chmod u+s only adds the setuid bit and leaves the existing permissions alone, while chmod 4755 replaces the whole mode with rwxr-xr-x plus setuid. After applying setuid, validate with a long listing and confirm an s appears in the owner execute position.

ls -l /usr/local/bin/myscript
# Expect owner execute bit to show "s" (setuid).

Step 5 : Compute numeric mode for a setgid directory with full owner and group access only.
Answer
2770

2 sets setgid on a directory so newly created files inherit the directory’s group ownership. 770 means owner and group have full permissions, and others have none.

Example
chmod 2770 /srv/shared
ls -ld /srv/shared
# Expect: drwxrws--- ... /srv/shared
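The five steps above amount to checking a few paths against a policy of numeric modes. The following audit helper is an added example, not part of the lab: it reads each path's actual mode with GNU stat (assumed; Linux), compares it to the expected mode, names the special bits that are set, and flags the "T instead of t" case where the sticky bit is present but others lack execute. The three paths and modes in audit_lab are the lab's own; adjust them for your host.

```shell
#!/bin/sh
# Permission audit helper (added example). Assumes GNU/busybox stat -c '%a'.

# mode_of PATH -> four-digit octal mode, e.g. 1777 for a correct /tmp
mode_of() {
    m=$(stat -c '%a' "$1") || return 1
    while [ ${#m} -lt 4 ]; do m="0$m"; done   # stat prints 755, not 0755
    printf '%s\n' "$m"
}

# special_bits MODE -> names of the special bits set in the leading digit
special_bits() {
    s=$(printf '%s' "$1" | cut -c1)
    out=""
    [ $((s & 4)) -ne 0 ] && out="$out setuid"
    [ $((s & 2)) -ne 0 ] && out="$out setgid"
    [ $((s & 1)) -ne 0 ] && out="$out sticky"
    printf '%s\n' "${out# }"
}

# check_mode PATH EXPECTED -> 0 if the mode matches policy, 1 otherwise.
# Also reports a sticky bit set while others lack execute (ls shows T, not t).
check_mode() {
    path=$1; want=$2
    have=$(mode_of "$path") || { echo "MISSING  $path"; return 1; }
    if [ "$have" = "$want" ]; then
        echo "OK       $path $have [$(special_bits "$have")]"
        return 0
    fi
    echo "MISMATCH $path have=$have want=$want"
    s=$(printf '%s' "$have" | cut -c1); o=$(printf '%s' "$have" | cut -c4)
    if [ $((s & 1)) -ne 0 ] && [ $((o & 1)) -eq 0 ]; then
        echo "         sticky bit set but others lack x (ls shows T, not t)"
    fi
    return 1
}

# Policy from the lab: /tmp 1777, setuid target 4755, shared setgid dir 2770.
audit_lab() {
    rc=0
    check_mode /tmp 1777 || rc=1
    check_mode /usr/local/bin/myscript 4755 || rc=1
    check_mode /srv/shared 2770 || rc=1
    return $rc
}
```

Run audit_lab after the fixes; any MISMATCH line is a path that still needs attention, and the exit status makes it usable from a cron job or CI check.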

Breakpoints

/tmp still missing sticky bit after chmod

You likely changed the wrong path or you are looking at a different mount namespace (containers). Re-run ls -ld /tmp and confirm the trailing character is t.

Uppercase T appears instead of t

T means the sticky bit is set but the directory does not have execute (x) for others. On /tmp, you want drwxrwxrwt, not drwxrwxrwT.

setuid on scripts does not behave as expected

On many systems, setuid scripts are ignored for safety. This bit is intended for binaries that are audited and designed to run with elevated effective privileges.

Accidentally set special bits broadly

If you applied chmod -R or setuid to more than a single intended file, stop and roll back. Special bits should be rare and tightly scoped.

Cleanup checklist

This lab is mostly validation plus targeted permission fixes. Your cleanup is confirming the expected mode and special bits are present only where intended.

Commands
ls -ld /tmp
ls -l /usr/local/bin/myscript
ls -ld /srv/shared

Success signal

/tmp shows drwxrwxrwt, your setuid target shows an s in the owner execute position, and the setgid directory shows drwxrws--- with no permissions for others.

Reference

  • ls -ld <dir> : Shows directory permissions and special bits in long format.
    • -l : Uses long listing format (modes, owner, group, timestamps).
    • -d : Lists the directory itself, not its contents.
  • chmod <mode> <path> : Changes permissions using numeric or symbolic mode.
  • chmod 1777 /tmp : Sets sticky bit and world-writable permissions for /tmp.
    • 1 : Sticky bit.
    • 777 : rwx for owner, group, and others.
  • chmod +t <dir> : Enables sticky bit on a directory.
    • +t : Sticky bit (directory deletion protection).
  • chmod u+s <file> : Enables setuid on an executable.
    • u+s : setuid (execute with owner’s effective UID).
  • chmod g+s <dir> : Enables setgid on a directory.
    • g+s : setgid (new files inherit directory group).
  • 2770 : Numeric mode for a setgid directory with full owner and group access.
    • 2 : setgid.
    • 770 : rwx for owner and group, none for others.